Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

April 22, 2026

Scroll

Posted 3 hours ago by
The Hacker News

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawl owing to the use of an ICP canister to exfiltrate the stolen data

Read Full Article

The Hacker News

Coverage and analysis from United States of America. All insights are generated by our AI narrative analysis engine.

United States of America

Bias: Unknown

People's Voices (0)

0/500

Note: Comments are moderated. Please keep it civil. Max 3 comments per day.

No recent articles found in this language.

0

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

April 22, 2026

Posted 3 hours ago by
The Hacker News

The Hacker News

People's Voices (0)

Leave a comment

You might also like

Explore More

Explore

Categories

News From

0

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

April 22, 2026

Posted 3 hours ago by The Hacker News

The Hacker News

People's Voices (0)

Leave a comment

You might also like

Explore More

Posted 3 hours ago by
The Hacker News